I’m a bit of a beginner when it comes to Virtualmin, so please bear with me. We’ve had some issues on our website regarding hacking via FTP, and we’re trying to identify the vulnerability points. Is there a place in Virtualmin where one can browse through the last FTP connections, since those don’t show up in the Apache Access Log? I’m using v. 4.06.gpl GPL
Thank you for your time.
FTP login attempts would be in the system log files. You can access those in Webmin by going into Webmin -> System -> System Logs.
On CentOS, I believe the FTP login attempts would be shown in /var/log/secure. On Ubuntu/Debian, that would be in /var/log/auth.
There is also FTP usage information in the various files in the various files within /var/log/proftpd.
In > System Logs it seems I have to search within the auth.log file restricting to “proftpd”.
The thing is, Virtualmin only gives me the IP address when login fails. Success appears like this:
Mar 12 14:04:58 TheUsername proftpd: pam_unix(proftpd:session): session opened for user TheUsername by (uid=0)
Any way I can get the IP address of the successful FTP connections?
You can use the “last” command to show all recent logins, which includes FTP.